Weekly Threat & Vulnerabilities Report

Template Injection vulnerability in Rejetto HTTP File Server 2.3m

Improper Authentication vulnerability in Ruijie RG-EW1200G 07161417 r483

Remote code execution vulnerability in Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1.

Buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions leads to denial of service or remote code execution on affected device

Privilege escalation vulnerability in web UI feature of Cisco IOS XE Software

Command injection vulnerability in LB-LINK devices.

Arbitrary File Upload Vulnerability in Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers

Command Injection Vulnerability in TP-Link Archer AX-21.

Command injection vulnerability via the Ping function in Tenda Products.

Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server

An unauthenticated command injection vulnerability found in the TP-Link Archer AX21 WiFi router.

Command injection vulnerability in LB-LINK BL-AC1900_2.0 1.0.1, BL-WR9000 2.4.9, BL-X26 1.2.5 and BL-LTE300 1.0.8

Remote code execution vulnerability in Huawei HG532 router

Improper protocol access control vulnerability in Eir D1000 modem.

Arbitrary command execution vulnerability in D-Link DIR-645 Wired/Wireless Router

Command Injection vulnerability in “setCookie” parameter in Zyxel NAS326 and NAS542 devices

Missing Authentication for Critical Function vulnerability in UNIMO Technology digital video recorders and UDR-JA1016 firmware

Use-After-Free vulnerability in Linux Kernel nft_object leads to privilege escalation